0x676e67 / vproxy Goto Github PK

View Code? Open in Web Editor NEW

97.0 4.0 20.0 164 KB

An easy and powerful Rust HTTP/Socks5/HTTP2Socks5 Proxy server

Home Page: https://crates.io/crates/vproxy

License: GNU General Public License v3.0

Rust 95.72% Shell 4.28%

http ipv4 proxy rust ipv6 network hyper socks5 socks5-server http-server

vproxy's Introduction

vproxy

An easy and powerful Rust HTTP/Socks5 proxy that allows initiating network requests using IP binding calculated from CIDR addresses.

Features

IPv4/IPv6 priority
Service binding IP-CIDR address
Fallback address when IP-CIDR address is unreachable
Basic authentication
IP whitelist
Proxy support (HTTP, SOCKS5)

Install

Curl

curl -s -o /tmp/install.sh https://raw.githubusercontent.com/0x676e67/vproxy/main/install.sh && bash /tmp/install.sh

Cargo

cargo install vproxy

Usage

If you run the program with sudo, it will automatically configure sysctl net.ipv6.ip_nonlocal_bind=1 and ip route add local 2001:470:e953::/48 dev lo for you. If you do not run it with sudo, you will need to configure these manually.

# Enable binding to non-local IPv6 addresses
sudo sysctl net.ipv6.ip_nonlocal_bind=1

# Replace with your IPv6 subnet
sudo ip route add local 2001:470:e953::/48 dev lo

# Run the server http/socks5
vproxy run -i 2001:470:e953::/48 http

# Start the daemon (runs in the background), requires sudo
sudo vproxy start -i 2001:470:e953::/48 http

# Restart the daemon, requires sudo
sudo vproxy restart

# Stop the daemon, requires sudo
sudo vproxy stop

# Show daemon log
vproxy log

# Show daemon status
vproxy status

# Online update
vproxy update

# Test loop request
while true; do curl -x http://127.0.0.1:8100 -s https://api.ip.sb/ip -A Mozilla; done
...
2001:470:e953:5b75:c862:3328:3e8f:f4d1
2001:470:e953:b84d:ad7d:7399:ade5:4c1c
2001:470:e953:4f88:d5ca:84:83fd:6faa
2001:470:e953:29f3:41e2:d3f2:4a49:1f22
2001:470:e953:98f6:cb40:9dfd:c7ab:18c4
2001:470:e953:f1d7:eb68:cc59:b2d0:2c6f

Manual

If no subnet is configured, the local default network proxy request will be used. When the local machine sets the priority Ipv4/Ipv6 and the priority is Ipv4, it will always use Ipv4 to make requests (if any).

When using passwordless authorization, if an IP whitelist exists, only authorized IPs can pass the request.
Append -session-id to the username, where session is a fixed value and ID is an arbitrary random value (e.g., username-session-123456). Keep the Session ID unchanged to use a fixed IP.
For HTTP users who are using password-less authorization and need a fixed IP address, you can add the session-id header to the request (e.g., session-id: 123456). By keeping the Session ID unchanged, you can use a fixed IP. Keep in mind Chrome and Firefox can't set --proxy-header like curl.

Examples

Http proxy session with username and password:

./vproxy run --bind 127.0.0.1:8101 -i 2001:470:70c6::/48 http -u test -p test

$ for i in `seq 1 10`; do curl -x "http://test-session-123456789:[email protected]:8101" https://api6.ipify.org; done
2001:470:70c6:93ee:9b7c:b4f9:4913:22f5
2001:470:70c6:93ee:9b7c:b4f9:4913:22f5
2001:470:70c6:93ee:9b7c:b4f9:4913:22f5
$ for i in `seq 1 10`; do curl -x "http://test-session-987654321:[email protected]:8101" https://api6.ipify.org; done
2001:470:70c6:41d0:14fd:d025:835a:d102
2001:470:70c6:41d0:14fd:d025:835a:d102
2001:470:70c6:41d0:14fd:d025:835a:d102

Http proxy session with passwordless authorization:

./vproxy run --bind 127.0.0.1:8101 -w 127.0.0.1 -i 2001:470:70c6::/48 http

$ for i in `seq 1 3`; do curl --proxy-header "session-id: 123456789" -x "http://159.223.22.161:8101" https://api6.ipify.org; done
2001:470:70c6:93ee:9b7c:b4f9:4913:22f5
2001:470:70c6:93ee:9b7c:b4f9:4913:22f5
2001:470:70c6:93ee:9b7c:b4f9:4913:22f5
for i in `seq 1 3`; do curl --proxy-header "session-id: 987654321" -x "http://159.223.22.161:8101" https://api6.ipify.org; done
2001:470:70c6:41d0:14fd:d025:835a:d102
2001:470:70c6:41d0:14fd:d025:835a:d102
2001:470:70c6:41d0:14fd:d025:835a:d102

Socks5 proxy session with username and password

./vproxy run --bind 127.0.0.1:8101 -i 2001:470:70c6::/48 socks5 -u test -p test

$ for i in `seq 1 3`; do curl -x "socks5h://test-session-123456789:[email protected]:8101" https://api6.ipify.org; done
2001:470:70c6:93ee:9b7c:b4f9:4913:22f5
2001:470:70c6:93ee:9b7c:b4f9:4913:22f5
2001:470:70c6:93ee:9b7c:b4f9:4913:22f5
$ for i in `seq 1 3`; do curl -x "socks5h://test-session-987654321:[email protected]:8101" https://api6.ipify.org; done
2001:470:70c6:41d0:14fd:d025:835a:d102
2001:470:70c6:41d0:14fd:d025:835a:d102
2001:470:70c6:41d0:14fd:d025:835a:d102

$ vproxy -h
An easy and powerful Rust HTTP/Socks5 Proxy

Usage: vproxy
       vproxy <COMMAND>

Commands:
  run      Run server
  start    Start server daemon
  restart  Restart server daemon
  stop     Stop server daemon
  ps       Show the server daemon process
  log      Show the server daemon log
  update   Update the application
  help     Print this message or the help of the given subcommand(s)

Options:
  -h, --help     Print help
  -V, --version  Print version

$ vproxy run -h
Run server

Usage: vproxy run [OPTIONS] <COMMAND>

Commands:
  http    Http server
  socks5  Socks5 server
  help    Print this message or the help of the given subcommand(s)

Options:
      --debug                              Debug mode [env: VPROXY_DEBUG=]
  -b, --bind <BIND>                        Bind address [default: 0.0.0.0:8100]
  -c, --concurrent <CONCURRENT>            Concurrent connections [default: 1024]
  -T, --connect-timeout <CONNECT_TIMEOUT>  Connection timeout [default: 10]
  -w, --whitelist <WHITELIST>              IP addresses whitelist, e.g. 47.253.53.46,47.253.81.245
  -i, --cidr <CIDR>                        Ip-CIDR, e.g. 2001:db8::/32
  -f, --fallback <FALLBACK>                Fallback address
  -h, --help                               Print help

Compile

To compile on a Linux machine (e.g., Ubuntu):

git clone https://github.com/gngpp/vproxy.git && cd vproxy
cargo build --release

Contributing

If you would like to submit your contribution, please open a Pull Request.

Getting help

Your question might already be answered on the issues

License

vproxy © gngpp, Released under the GPL-30 License.

Your question might already be answered on the issues

License

vproxy © gngpp, Released under the GPL-30 License.

vproxy's People

Contributors

Stargazers

Watchers

Forkers

xiaosaaaa blue-ethan cooderzeng zhuxindong haojie06 rinch-wu mantsun kuangxiaoye gkingt hajime8673 doves34-34 luckywang6 sameerlike141 ninjayoto itsharex deba12 kismmmnato0933 maxduke

vproxy's Issues

Clarify how whitelist and authentication works

When comparing vproxy to the other proxy servers, there is huge difference how their whitelist and authentication works.

Whitelist is used when ips are allowed to use the proxies with no username+password when they are in the whitelist
Username+password is used when proxy is accessed with username+password

With vproxy as far I can see, there is not that way.
if I don't use -w switch (for whitelist) I see everyone can use my proxy, this is nightmare if someone
miss configures his proxy. Open and unrestricted proxy for every one! Imagine how much abuse and spam will be send through this proxy

I would recommend following changes

By default if -w is not present and no username+password provided by the client - reject the request.
if -w is present and the connection comes from whitelisted ip addresses - allow the request
If -u and -p switches are present - allow the request if the username+password matches with -u/-p

This gives you clearly who and how will have access to the proxy server.

Doesn't work on 4vps

Hi.

I'm using the server https://4vps.su
Ubuntu 22.04

I got Routed IPv6 Prefixes from tunnelbroker
Configured /etc/network/interfaces
sudo systemctl restart networking
Compiled vproxy
Ran the command.

vproxy run -i routed_ipv6

But the requests don't work

while true; do curl -x http://127.0.0.1:8100 ipv6.ip.sb; done
curl: (52) Empty reply from server
curl: (52) Empty reply from server
curl: (52) Empty reply from server
curl: (52) Empty reply from server
curl: (52) Empty reply from server
curl: (52) Empty reply from server
curl: (52) Empty reply from server
curl: (52) Empty reply from server

vproxy log

2024-03-05T00:28:10.638672Z ERROR vproxy::proxy::http: Failed to serve connection: hyper::Error(User(Service), HyperLegacyError(Error { kind: Connect, source: Some(ConnectError("tcp connect error", Os { code: 113, kind: HostUnreachable, message: "No route to host" })) }))
2024-03-05T00:28:10.649717Z  INFO vproxy::proxy::http: request: Request { method: GET, uri: http://ipv6.ip.sb/, version: HTTP/1.1, headers: {"host": "ipv6.ip.sb", "user-agent": "curl/7.81.0", "accept": "*/*", "proxy-connection": "Keep-Alive"}, body: Body(Empty) }

What could be the problem?

There seems to be some problem with this hoster, because it didn't work using ndppd on it.

But if we are using tunnelbroker we shouldn't care about that, right?
Despite this, I get the same error as without tunnelbroker

Socks5 proxy ?

Hello and thank you for the great tool !

It looks like socks5 proxy is just stubbed. Do you have any plans to implement it ?

Thank you

大佬，开启隧道后curl https://api.ip.sb/ip 会提示 CApath: none 但是实际* CAfile: /etc/pki/tls/certs/ca-bundle.crt 路径没有错误

请问是什么原因，应该怎么解决

http proxy must return proper response status

Http proxy must return proper response codes when unable to authorize/authenticate/fulfill the request.
Optionally string with proper error information

When the ipaddress is not in the whitelist and username/password are missing

403 Forbidden

When the username/password are wrong

407 Proxy Authentication Required

When unable to complete the request (missing dns name, or other errors)

500 Internal Server Error

When unable to connect to the remote server

502 Bad Gateway

When connection times out

504 Gateway Timeout

根据客户端请求的ip选择出站

可以根据客户端请求的ip选择出站？比如curl -x http://[IPv6-a]:8100 https://ifconfig.me，这里代理使用IPv6-a出站获取IPv6-a地址

Add switch to disable ipv4 traffic forward

At the moment if I try to use "socks5" as proxy (dns resolving happens on client side)
I see my ipv4 address is used

# curl -x "socks5://test:[email protected]:8101" ifconfig.co
xxx.xxx.xxx.161

Please add switch to completely disable ipv4 proxy traffic, or you are risking the proxy ipv4 address leak when remote sites have mixed ipv4/ipv6 addresses

轮训失效

作者您好，
请问为什么vproxy run -i xxxx/112 socks5 no-auth之后，使用socks5代理实际上还是用的默认的ipv6地址，没有起到轮询的作用？
谢谢！

直接 curl 服务会崩

大佬，服务启动后，运行curl 127.0.0.1:8100 会崩（老版本好像不会），有空看看哇。

IS IT SUPPORTING UDP PROTOCOL OF SOCKS 5 OR NOT?

if not then are you planning to add a support

Add authentication for random ipv6

I noticed that you added session authentication for socks5 and http proxy, so could you add one single authentication for socks5 and http proxy with random ipv6?

More listening ports

Hello,
we have the following case, we want to use the same ipv6 as long as needed.
Can you add possibility to have more listening ports (between 1000 and 10000) and for
every port to assign random ipv6 address from the subnet on proxy start. When the daemon receives HUP
signal to change all assigned ipv6 addresses on all ports (think like restart action without actually restarts the proxy)

What do you think is it possible?

alpine docker中的问题

我在alpine:3.19镜像中配置了he tunnel隧道，使用curl测试时可以联通。启动vproxy时没有报错，但通过socks5或http连接无法工作，vproxy表现为没有接受到socks5代理转发来的请求，使用xray项目的random ipv6功能也是一样的问题，可能是alpine缺少相关依赖，希望大佬有时间排查一下

0x676e67 / vproxy Goto Github PK

vproxy's Introduction

vproxy

Features

Install

Usage

Manual

Examples

Compile

Contributing

Getting help

License

License

vproxy's People

Contributors

Stargazers

Watchers

Forkers

vproxy's Issues

Recommend Projects

Recommend Topics

Recommend Org